diff --git a/README.md b/README.md index 6a3600f70..240eae847 100644 --- a/README.md +++ b/README.md @@ -216,6 +216,8 @@ The following is a list of static resources. - [azure_postgresql_databases](docs/resources/azure_postgresql_databases.md) - [azure_postgresql_server](docs/resources/azure_postgresql_server.md) - [azure_postgresql_servers](docs/resources/azure_postgresql_servers.md) +- [azure_power_bi_gateway](docs/resources/azure_power_bi_gateway.md) +- [azure_power_bi_gateways](docs/resources/azure_power_bi_gateways.md) - [azure_public_ip](docs/resources/azure_public_ip.md) - [azure_redis_cache](docs/resources/azure_redis_cache.md) - [azure_redis_caches](docs/resources/azure_redis_caches.md) diff --git a/docs/resources/azure_power_bi_gateway.md b/docs/resources/azure_power_bi_gateway.md new file mode 100644 index 000000000..6a37f23ab --- /dev/null +++ b/docs/resources/azure_power_bi_gateway.md 
@@ -0,0 +1,82 @@ +--- +title: About the azure_power_bi_gateway Resource +platform: azure +--- + +# azure_power_bi_gateway + +Use the `azure_power_bi_gateway` InSpec audit resource to test the properties related to Azure Power BI gateway. + +## Azure REST API version, Endpoint, and HTTP Client Parameters + +This resource interacts with API versions supported by the resource provider. The `api_version` is defined as a resource parameter. +If not provided, the latest version is used. For more information, refer to [`azure_generic_resource`](azure_generic_resource.md). + +Unless defined, `azure_cloud` global endpoint and default values for the HTTP client are used. For more information, refer to the resource pack [README](../../README.md). + +## Availability + +### Installation + +This resource is available in the [InSpec Azure resource pack](https://github.com/inspec/inspec-azure). For an example, `inspec.yml` file and how to set up your Azure credentials, refer to resource pack [README](../../README.md#Service-Principal). + +## Syntax + +`gateway_id` is a required parameter. + +```ruby +describe azure_power_bi_gateway(gateway_id: 'GATEWAY_ID') do + it { should exist } +end +``` + +## Parameters + +`gateway_id` _(required)_ + +The gateway ID. + +## Properties + +| Property | Description | +|-------------------------------------|------------------------------------------------------------------| +| id | The gateway ID. | +| name | The gateway name. | +| type | The gateway type. | +| publicKey.exponent | The public key exponent. | +| publicKey.modulus | The public key modulus. + +For properties applicable to all resources, such as `type`, `name`, `id`, and `properties`, refer to [`azure_generic_resource`](azure_generic_resource.md#properties). + +Also, refer to [Azure documentation](https://docs.microsoft.com/en-us/rest/api/power-bi/gateways/get-gateway) for other properties available. 
+ +## Examples + +### Test that the Power BI gateway's exponent is `AQAB` + +```ruby +describe azure_power_bi_gateway(gateway_id: 'GATEWAY_ID') do + its('publicKey.exponent') { should eq 'AQAB' } +end +``` + +## Matchers + +This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](/inspec/matchers/). + +### exists + +```ruby +# If the Azure Power BI gateway is found, it will exist +describe azure_power_bi_gateway(gateway_id: 'GATEWAY_ID') do + it { should exist } +end +# if the Azure Power BI gateway is not found, it will not exist +describe azure_power_bi_gateway(gateway_id: 'GATEWAY_ID') do + it { should_not exist } +end +``` + +## Azure Permissions + +Your [Service Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) must be set up with a `Dataset.Read.All` role on the Azure Power BI Workspace you wish to test. diff --git a/docs/resources/azure_power_bi_gateways.md b/docs/resources/azure_power_bi_gateways.md new file mode 100644 index 000000000..744167e67 --- /dev/null +++ b/docs/resources/azure_power_bi_gateways.md 
@@ -0,0 +1,88 @@ +--- +title: About the azure_power_bi_gateways Resource +platform: azure +--- + +# azure_power_bi_gateways + +Use the `azure_power_bi_gateways` InSpec audit resource to test the properties related to all Azure Power BI gateways. + +## Azure REST API version, Endpoint, and HTTP Client Parameters + +This resource interacts with API versions supported by the resource provider. The `api_version` is defined as a resource parameter. +If not provided, the latest version is used. For more information, refer to [`azure_generic_resource`](azure_generic_resource.md). + +Unless defined, `azure_cloud` global endpoint and default values for the HTTP client is used. For more information, refer to the resource pack [README](../../README.md). + +## Availability + +### Installation + +This resource is available in the [InSpec Azure resource pack](https://github.com/inspec/inspec-azure). For an example, `inspec.yml` file and how to set up your Azure credentials, refer to resource pack [README](../../README.md#Service-Principal). + +## Syntax + +An `azure_power_bi_gateways` resource block returns all Azure Power BI gateways. + +```ruby +describe azure_power_bi_gateways do + #... +end +``` + +## Parameters + +## Properties + +|Property | Description | Filter Criteria* | +|--------------------------------|------------------------------------------------------------------------|------------------| +| ids | List of all gateway IDs. | `id` | +| names | List of all the gateway names. | `name` | +| types | List of all the gateway types. | `type` | +| exponents | List of all public key exponents. | `exponent` | +| modulus | List of all public key modulus. | `modulus` | + + +* For information on how to use filter criteria on plural resources refer to [FilterTable usage](https://github.com/inspec/inspec/blob/master/dev-docs/filtertable-usage.md). 
+Also, refer to [Azure documentation](https://docs.microsoft.com/en-us/rest/api/power-bi/Gateways/get-Gateways) for other available properties. + +## Examples + +### Loop through Power BI gateways by their IDs + +```ruby +azure_power_bi_gateways.ids.each do |id| + describe azure_power_bi_gateway(gateway_id: id) do + it { should exist } + end +end +``` + +### Test to ensure all Power BI gateways exponent is `AQAB` + +```ruby +describe azure_power_bi_gateways.where(exponent: 'AQAB') do + it { should exist } +end +``` + +## Matchers + +This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [Universal Matchers page](https://www.inspec.io/docs/reference/matchers/). + +### exists + +```ruby +# Should not exist if no Power BI gateways are present +describe azure_power_bi_gateways do + it { should_not exist } +end +# Should exist if the filter returns at least one Power BI gateways +describe azure_power_bi_gateways do + it { should exist } +end +``` + +## Azure Permissions + +Your [Service Principal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) must be set up with a `Dataset.Read.All` role on the Azure Power BI Workspace you wish to test. diff --git a/libraries/azure_power_bi_gateway.rb b/libraries/azure_power_bi_gateway.rb new file mode 100644 index 000000000..575639817 --- /dev/null +++ b/libraries/azure_power_bi_gateway.rb 
@@ -0,0 +1,34 @@ +require 'azure_generic_resource' + +class AzurePowerBIGateway < AzureGenericResource + name 'azure_power_bi_gateway' + desc 'Retrieves and verifies the settings of a Azure Power BI Gateway' + example <<-EXAMPLE + describe azure_power_bi_gateway(gateway_id: '95a4871a-33a4-4f35-9eea-8ff006b4840b') do + it { should exist } + end + EXAMPLE + + attr_reader :table + + AUDIENCE = 'https://analysis.windows.net/powerbi/api'.freeze + + def initialize(opts = {}) + raise ArgumentError, 'Parameters must be provided in an Hash object.' unless opts.is_a?(Hash) + + Validators.validate_parameters(resource_name: @__resource_name__, required: %i(gateway_id), + opts: opts) + + opts[:name] = opts.delete(:gateway_id) + opts[:resource_uri] = "https://api.powerbi.com/v1.0/myorg/gateways/#{opts[:name]}" + opts[:audience] = AUDIENCE + opts[:add_subscription_id] = false + opts[:is_uri_a_url] = true + opts[:api_version] = 'v1.0' + super + end + + def to_s + super(AzurePowerBIGateway) + end +end diff --git a/libraries/azure_power_bi_gateways.rb b/libraries/azure_power_bi_gateways.rb new file mode 100644 index 000000000..d423d6a05 --- /dev/null +++ b/libraries/azure_power_bi_gateways.rb 
@@ -0,0 +1,39 @@ +require 'azure_generic_resources' + +class AzurePowerBIGateways < AzureGenericResources + name 'azure_power_bi_gateways' + desc 'Retrieves and verifies the settings of all Azure Power BI Gateways.' + example <<-EXAMPLE + describe azure_power_bi_gateways do + it { should exist } + end + EXAMPLE + + AUDIENCE = 'https://analysis.windows.net/powerbi/api'.freeze + + def initialize(opts = {}) + raise ArgumentError, 'Parameters must be provided in an Hash object.' unless opts.is_a?(Hash) + + opts[:resource_uri] = 'https://api.powerbi.com/v1.0/myorg/gateways' + opts[:audience] = AUDIENCE + opts[:add_subscription_id] = false + opts[:is_uri_a_url] = true + opts[:api_version] = 'v1.0' + super + return if failed_resource? + + populate_filter_table_from_response + end + + def to_s + super(AzurePowerBIGateways) + end + + private + + def populate_table + @resources.each do |resource| + @table << resource.merge(resource[:publicKey]) + end + end +end diff --git a/test/integration/verify/controls/azure_power_bi_gateway.rb b/test/integration/verify/controls/azure_power_bi_gateway.rb new file mode 100644 index 000000000..8648c864b --- /dev/null +++ b/test/integration/verify/controls/azure_power_bi_gateway.rb @@ -0,0 +1,8 @@ +gateway_id = input(:gateway_id, value: '') +control 'Verify settings of a Power BI Dashboard' do + describe azure_power_bi_gateway(gateway_id: gateway_id) do + it { should exist } + its('type') { should eq 'Resource' } + its('publicKey.exponent') { should eq 'AQAB' } + end +end diff --git a/test/integration/verify/controls/azure_power_bi_gateways.rb b/test/integration/verify/controls/azure_power_bi_gateways.rb new file mode 100644 index 000000000..df20edaa9 --- /dev/null +++ b/test/integration/verify/controls/azure_power_bi_gateways.rb 
@@ -0,0 +1,7 @@ +control 'verify settings of Power BI Gateways' do + describe azure_power_bi_gateways do + it { should exist } + its('types') { should include 'Resource' } + its('exponents') { should include 'AQAB' } + end +end diff --git a/test/unit/resources/azure_power_bi_gateway_test.rb b/test/unit/resources/azure_power_bi_gateway_test.rb new file mode 100644 index 000000000..43c30cdf7 --- /dev/null +++ b/test/unit/resources/azure_power_bi_gateway_test.rb @@ -0,0 +1,17 @@ +require_relative 'helper' +require 'azure_power_bi_gateway' + +class AzurePowerBIGatewayConstructorTest < Minitest::Test + def test_empty_param_not_ok + assert_raises(ArgumentError) { AzurePowerBIGateway.new } + end + + # resource_provider should not be allowed. + def test_resource_provider_not_ok + assert_raises(ArgumentError) { AzurePowerBIGateway.new(resource_provider: 'some_type') } + end + + def test_resource_group_name_alone_ok + assert_raises(ArgumentError) { AzurePowerBIGateway.new(name: 'my-name', resource_group: 'test') } + end +end diff --git a/test/unit/resources/azure_power_bi_gateways_test.rb b/test/unit/resources/azure_power_bi_gateways_test.rb new file mode 100644 index 000000000..ce911f31e --- /dev/null +++ b/test/unit/resources/azure_power_bi_gateways_test.rb @@ -0,0 +1,23 @@ +require_relative 'helper' + +require 'azure_power_bi_gateways' + +class AzurePowerBIGatewaysConstructorTest < Minitest::Test + # resource_type should not be allowed. + + def test_resource_type_not_ok + assert_raises(ArgumentError) { AzurePowerBIGateways.new(resource_provider: 'some_type') } + end + + def tag_value_not_ok + assert_raises(ArgumentError) { AzurePowerBIGateways.new(tag_value: 'some_tag_value') } + end + + def tag_name_not_ok + assert_raises(ArgumentError) { AzurePowerBIGateways.new(tag_name: 'some_tag_name') } + end + + def test_name_not_ok + assert_raises(ArgumentError) { AzurePowerBIGateways.new(name: 'some_name') } + end +end
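Review bot: In docs/resources/azure_power_bi_gateway.md, the "Azure REST API version" section says `api_version` is a resource parameter and that the latest version is used when it is omitted, but libraries/azure_power_bi_gateway.rb sets `opts[:api_version] = 'v1.0'` unconditionally, so a caller-supplied value is overwritten. Either document that the version is fixed at `v1.0` for this resource or only set the default when the caller has not passed one. In the same file, the last row of the Properties table (`| publicKey.modulus | The public key modulus.`) is missing its closing `|`.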
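Review bot: In docs/resources/azure_power_bi_gateways.md, the example titled "Test to ensure all Power BI gateways exponent is `AQAB`" does not test what the title claims: `azure_power_bi_gateways.where(exponent: 'AQAB')` with `it { should exist }` passes as soon as one gateway matches, even if others use a different exponent. To assert on all gateways, invert the filter and expect no results, for example `describe azure_power_bi_gateways.where { exponent != 'AQAB' }` with `it { should_not exist }`, or retitle the example to "at least one". The `## Parameters` heading in this file is also left empty; state that the resource takes no parameters or drop the heading.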
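Review bot: In libraries/azure_power_bi_gateway.rb, `gateway_id` is interpolated straight into the request URL (`"https://api.powerbi.com/v1.0/myorg/gateways/#{opts[:name]}"`) and nothing visible in this hunk checks that it is non-empty or shaped like a gateway ID. The integration control in this patch defaults the input to `''`, which would build a request for `.../gateways/` rather than a single gateway, and a value containing `/` or `?` would change the path that is requested with the Power BI token. Reject empty values and validate the format (the `example` block suggests a GUID) before building `resource_uri`. The `attr_reader :table` in this singular resource also appears unused.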
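Review bot: In libraries/azure_power_bi_gateways.rb, `populate_table` calls `resource.merge(resource[:publicKey])` without a nil guard, so a gateway returned without a `publicKey` object makes `merge(nil)` raise a TypeError and fails the whole resource. Use something like `resource.merge(resource[:publicKey] || {})` so gateways without key material still appear in the table with empty `exponent` and `modulus` columns. It is also worth confirming that `populate_filter_table_from_response`, which the constructor calls, actually invokes this private `populate_table`; the hunk does not show the link between the two.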
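Review bot: In test/integration/verify/controls/azure_power_bi_gateway.rb, the control is titled 'Verify settings of a Power BI Dashboard' although it exercises `azure_power_bi_gateway`; this looks like a copy-paste leftover and will mislabel the result in reports. Rename it to refer to the gateway. The `input(:gateway_id, value: '')` default also means the control runs against an empty ID when the input is not supplied; consider skipping the control or failing early in that case.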
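Review bot: In test/unit/resources/azure_power_bi_gateway_test.rb, `test_resource_group_name_alone_ok` asserts that the constructor raises ArgumentError, so the `_ok` suffix contradicts what the test checks. Rename it along the lines of `test_resource_group_name_not_ok`. There is also no unit test for the accepted case, a call with only `gateway_id`, which is the one path the documentation describes.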
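Review bot: In test/unit/resources/azure_power_bi_gateways_test.rb, `tag_value_not_ok` and `tag_name_not_ok` lack the `test_` prefix, so Minitest never runs them and the two assertions give no coverage. Rename them to `test_tag_value_not_ok` and `test_tag_name_not_ok`. The comment "resource_type should not be allowed." sits above `test_resource_type_not_ok`, which actually passes `resource_provider: 'some_type'`; align the comment, the test name and the argument.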